How Software Obsolescence Impacts Organisations

Any organisation that uses software must deal with the topic of software obsolescence. Irrespective of whether end users interact directly with it or if it is embedded within a device, the day will come when the software is outdated and no longer supported.


Software obsolescence happens because of technological, functional, regulatory, and security factors, or a combination of them. Organisations mature and evolve through mergers, acquisitions, organic growth, and changes in company direction. Each one of these adds systems that will someday become obsolete.

Ignoring software obsolescence has consequences, namely:

  • Security risks: Outdated software is more likely to have known security vulnerabilities that can be exploited by attackers.
  • Compliance risks: Organisations that use outdated software may be in violation of government regulations.
  • Performance issues: Outdated software may not run as efficiently as newer software and may not be compatible with newer hardware.
  • Compatibility issues: Outdated software may not be compatible with newer software or operating systems.
  • Increased costs: Organisations may need to spend more money on support and maintenance for outdated software.
  • Reduced productivity: Outdated software may be less efficient and user-friendly than newer software, which can lead to reduced productivity.

COBOL; Mainframe; SQL Injection; Device Driver Incompatibility; Encryption at Source and in Transit; Works only with Windows 95; Not user-friendly; Ancient and limited report generation functions are all phases we may hear or think about when we interact with obsolete software.

When software is hosted within an organisation's data centres (private cloud), the organisation may decide to delay updating obsolete software simply because it owns the entire stack. This is a risk the company would have to assume.

On the other hand, when organisations are relying on public cloud services, their obsolesces strategy depends on the decisions taken by the cloud providers. These companies have a contractual obligation towards their customers, regulators, security, and profitability to ensure that their software does not become obsolete. As a result, these organisations are regularly announcing changes to their services, and every client that uses them will need to be updated before the defunct software is retired. Clients will need to pay attention to these announcements and make changes from their end to ensure continued operation.

The page https://gs.statcounter.com/os-market-share provides data on OS usage by month. It covers PCs as well as mobile phone OSs. Almost 5 percent of Windows computers were running unsupported versions as of September 2023. Some companies are still using Windows XP. Similar trends can be observed for other platforms.

The obsolescence strategy of cloud providers should be seen as a positive opportunity for customers to review their obsolete software if they do not have such a strategy in place. Simply making the cloud software work with the new version of a cloud service should be seen as an opportunity to review the solution in its entirety.

Cloud providers' updates do not absolve companies from having to review those areas that they are responsible for. A company that has a solution with code that is vulnerable to SQL injection or path traversal attacks will not remove that vulnerability just because the cloud company updated the database to the latest version or upgraded the OS that it will support. 

 

Follow This, That and Maybe, the Other:

Comments

Popular posts from this blog

20150628 Giarratana Circular

HOWTO setup OpenVPN server and client configuration files using EasyRSA

How to clone and synchronise a GitHub repository on Android